This morning, my mac (safari) blocked the 7.10 plugin, stating I needed to download the latest version. However since that is the latest version, obviously that isn't going to help. Presumably this is apple's response to the latest zero-day exploit, putting the ball in oracle's court to produce a fix.

Fine in many ways, but it stops me checking for compatibility on the mac. Hopefully this is less of an issue these days anyway, since oracle is now supplying the jvm, but grouch grouch grouch.

I suppose I ought to disable the java plugin on my PC too for the time being. Maybe I should run two browsers, one for general use with no java, and one for sites where I specifically need java.

All unsigned applets, that is. I think only Very High causes it to trigger for all applets.

Cas

On the Very High setting unsigned applets won't run. On High, you will be prompted before any unsigned Java app runs in the browser. If the JRE is below the security baseline, you will be given an option to update. There is already a prompt for signed/self-signed applets, so basically all applets now have a prompt (a double prompt in Chrome).

You can just download Minecraft and other Java games. I don't see a good reason for a bank to use a Java applet. I guess the Chrome model of always blocking until the user explicitly allows is appropriate.

I've updated my Mac. It now defaults to High settings, where it gives a security prompt if the applet requests a non-current version of the JRE. Question is does compiling for 1.7 make it go away, or do we need to wait for a JDK update? It might be a bit pointless anyway, if it means the latest point release, as applets would require constant recompilation.Edit: Nope - the warning always comes up.

Updating my PC is going to be a pain as I have the standalone JFX 2 installed. Apparently I need to deinstall it first, then upgrade the JRE. I hope this isn't going to make a mess. Don't have time to do that for a bit, so will have to leave the PC java blocked for most sites for the time being.

You can just download Minecraft and other Java games. I don't see a good reason for a bank to use a Java applet. I guess the Chrome model of always blocking until the user explicitly allows is appropriate.

The banks in Denmark all use Java applets(As well as all official stuff like tax, etc. etc. etc.) for 2-factor authentication, called Nem ID(Which is more or less a piece of crap xD), though I don't see why they need to use Java for it. I'm fairly sure it could all be written in pure html though(The login form, that is xD).

Turns out to be pretty difficult to get browsers to all behave in the same ways and securely. The Java plugin actually minimises your risks and targets, from the banks perspective. However it then also occasionally snafus incredibly badly with this sort of driveby attack.

The bad thing is, that people often don't understand that Java is still a fine programming language and summarize such accidents to "Java is bad".

Its quite sad, this is like how many people are terrified of dying in a plane crash when you're over 1,000 times more likely to die in a car accident, because car Accidents never make the news but plane crashes do.

Busy between school, work, life, games, programming and general screwing around.If you'd like some pixel art for your game, send me a PM, i'll see what I can do.Current project: http://elementalwarblog.wordpress.com/

People aren't afraid of dying instantly in plane crashes - they are afraid of 4 minutes of utter terror waiting to die. Car crashes happen so fast you often don't know you're going to have one until the screech of rubber.

The bad thing is, that people often don't understand that Java is still a fine programming language and summarize such accidents to "Java is bad".

Its quite sad, this is like how many people are terrified of dying in a plane crash when you're over 1,000 times more likely to die in a car accident, because car Accidents never make the news but plane crashes do.

Or just use NoScript. (I don't think the analogy really fits.) For everyone else, click to start is good enough. I wish they did that with Flash. It would have spared people from a lot of viruses and full-volume, near-full-screen, flashing advertisements.

Edit: <rant>Since OSX Java isn't an apple product any more, should they really be blocking it. Surely this should be Oracle's call. As thinks stand, apple are breaking various business apps without notice. I gather the SAP client for OSX uses an applet. There's also the usual complaints regarding online banking applets. It makes me wonder if they would block any app they don't like in further, effectively extending the app store walled garden approach. Will Flash be next?

Not that Oracle is blameless either. The latest update doesn't work well with standalone installs of JavaFx 2 (on the PC), and apparently sometimes removes the entire Java 6 installation. </rant>

java-gaming.org is not responsible for the content posted by its members, including references to external websites,
and other references that may or may not have a relation with our primarily
gaming and game production oriented community.
inquiries and complaints can be sent via email to the info‑account of the
company managing the website of java‑gaming.org